Hi - I tried to use the anon.penet.fi remailer and got a warning that some people had hacked it to find out for which anonymous ID any user had. It sounded like they would forge mail from the person they wanted to find out about, have it go through penet, and then go to themselves. Then they could look and see what anonymous ID it seemed to come from. This has been fixed by making people register a password with the remailer and then use it whenever they want to forward mail. I'd like to see some discussion here about this problem so that other remailers can avoid it.
Hi - I tried to use the anon.penet.fi remailer and got a warning that some people had hacked it to find out for which anonymous ID any user had. It sounded like they would forge mail from the person they wanted to find out about, have it go through penet, and then go to themselves. Then they could look and see what anonymous ID it seemed to come from.
Precisely!
This has been fixed by making people register a password with the remailer and then use it whenever they want to forward mail.
Yeah. A bit cumbersome, but at least it is an attempt to find a workable compromise between security and ease of use. The password is only required if you intend to mail to "unregistered" addresses. Julf
participants (2)
-
Johan Helsingius
-
root@extropia.wimsey.com